From 066c312420b076cce002220f7b04b6c34abf1485 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Sat, 17 Jun 2023 10:26:14 +0200
Subject: [PATCH] 4.14-stable patches
added patches:
net-usb-qmi_wwan-add-support-for-compal-rxm-g1.patch
nilfs2-fix-incomplete-buffer-cleanup-in-nilfs_btnode_abort_change_key.patch
nilfs2-fix-possible-out-of-bounds-segment-allocation-in-resize-ioctl.patch
nios2-dts-fix-tse_mac-max-frame-size-property.patch
ocfs2-check-new-file-size-on-fallocate-call.patch
ocfs2-fix-use-after-free-when-unmounting-read-only-filesystem.patch
---
...i_wwan-add-support-for-compal-rxm-g1.patch | 88 +++++++++++++++
...nup-in-nilfs_btnode_abort_change_key.patch | 53 ++++++++++
...s-segment-allocation-in-resize-ioctl.patch | 62 +++++++++++
...-fix-tse_mac-max-frame-size-property.patch | 46 ++++++++
...heck-new-file-size-on-fallocate-call.patch | 57 ++++++++++
...when-unmounting-read-only-filesystem.patch | 100 ++++++++++++++++++
queue-4.14/series | 6 ++
7 files changed, 412 insertions(+)
create mode 100644 queue-4.14/net-usb-qmi_wwan-add-support-for-compal-rxm-g1.patch
create mode 100644 queue-4.14/nilfs2-fix-incomplete-buffer-cleanup-in-nilfs_btnode_abort_change_key.patch
create mode 100644 queue-4.14/nilfs2-fix-possible-out-of-bounds-segment-allocation-in-resize-ioctl.patch
create mode 100644 queue-4.14/nios2-dts-fix-tse_mac-max-frame-size-property.patch
create mode 100644 queue-4.14/ocfs2-check-new-file-size-on-fallocate-call.patch
create mode 100644 queue-4.14/ocfs2-fix-use-after-free-when-unmounting-read-only-filesystem.patch
diff --git a/queue-4.14/net-usb-qmi_wwan-add-support-for-compal-rxm-g1.patch b/queue-4.14/net-usb-qmi_wwan-add-support-for-compal-rxm-g1.patch
new file mode 100644
index 00000000000..347f371ec77
--- /dev/null
+++ b/queue-4.14/net-usb-qmi_wwan-add-support-for-compal-rxm-g1.patch
@@ -0,0 +1,88 @@ +From 863199199713908afaa47ba09332b87621c12496 Mon Sep 17 00:00:00 2001 +From: Wes Huang +Date: Thu, 8 Jun 2023 11:01:42 +0800 +Subject: net: usb: qmi_wwan: add support for Compal RXM-G1 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Wes Huang + +commit 863199199713908afaa47ba09332b87621c12496 upstream. + +Add support for Compal RXM-G1 which is based on Qualcomm SDX55 chip. +This patch adds support for two compositions: + +0x9091: DIAG + MODEM + QMI_RMNET + ADB +0x90db: DIAG + DUN + RMNET + DPL + QDSS(Trace) + ADB + +T: Bus=03 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 2 Spd=5000 MxCh= 0 +D: Ver= 3.20 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #Cfgs= 1 +P: Vendor=05c6 ProdID=9091 Rev= 4.14 +S: Manufacturer=QCOM +S: Product=SDXPRAIRIE-MTP _SN:719AB680 +S: SerialNumber=719ab680 +C:* #Ifs= 4 Cfg#= 1 Atr=80 MxPwr=896mA +I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=30 Driver=(none) +E: Ad=81(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=01(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms +I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none) +E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms +E: Ad=82(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=02(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms +I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan +E: Ad=84(I) Atr=03(Int.) MxPS= 8 Ivl=32ms +E: Ad=8e(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=0f(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms +I:* If#= 3 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) +E: Ad=03(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=85(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms + +T: Bus=03 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 2 Spd=5000 MxCh= 0 +D: Ver= 3.20 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 9 #Cfgs= 1 +P: Vendor=05c6 ProdID=90db Rev= 4.14 +S: Manufacturer=QCOM +S: Product=SDXPRAIRIE-MTP _SN:719AB680 +S: SerialNumber=719ab680 +C:* #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=896mA +I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) 
Sub=ff Prot=30 Driver=(none) +E: Ad=81(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=01(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms +I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none) +E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms +E: Ad=82(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=02(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms +I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=qmi_wwan +E: Ad=84(I) Atr=03(Int.) MxPS= 8 Ivl=32ms +E: Ad=8e(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=0f(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms +I:* If#= 3 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) +E: Ad=8f(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms +I:* If#= 4 Alt= 0 #EPs= 1 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none) +E: Ad=85(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms +I:* If#= 5 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=42 Prot=01 Driver=(none) +E: Ad=03(O) Atr=02(Bulk) MxPS=1024 Ivl=0ms +E: Ad=86(I) Atr=02(Bulk) MxPS=1024 Ivl=0ms + +Cc: stable@vger.kernel.org +Signed-off-by: Wes Huang +Acked-by: Bjørn Mork +Link: https://lore.kernel.org/r/20230608030141.3546-1-wes.huang@moxa.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/usb/qmi_wwan.c | 2 ++ + 1 file changed, 2 insertions(+) + +--- a/drivers/net/usb/qmi_wwan.c ++++ b/drivers/net/usb/qmi_wwan.c +@@ -1181,7 +1181,9 @@ static const struct usb_device_id produc + {QMI_FIXED_INTF(0x05c6, 0x9080, 8)}, + {QMI_FIXED_INTF(0x05c6, 0x9083, 3)}, + {QMI_FIXED_INTF(0x05c6, 0x9084, 4)}, ++ {QMI_QUIRK_SET_DTR(0x05c6, 0x9091, 2)}, /* Compal RXM-G1 */ + {QMI_FIXED_INTF(0x05c6, 0x90b2, 3)}, /* ublox R410M */ ++ {QMI_QUIRK_SET_DTR(0x05c6, 0x90db, 2)}, /* Compal RXM-G1 */ + {QMI_FIXED_INTF(0x05c6, 0x920d, 0)}, + {QMI_FIXED_INTF(0x05c6, 0x920d, 5)}, + {QMI_QUIRK_SET_DTR(0x05c6, 0x9625, 4)}, /* YUGA CLM920-NC5 */ 
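Review bot: Both new `QMI_QUIRK_SET_DTR` entries carry the identical comment `/* Compal RXM-G1 */` although they cover two different compositions, and they match on vendor 0x05c6, which the descriptor dump in the commit message reports as Manufacturer=QCOM rather than a Compal-specific ID. Any device that reports these product IDs will therefore bind qmi_wwan on interface 2, so the comment should say which composition justifies the interface number. I would write `/* Compal RXM-G1 (DIAG+MODEM+QMI_RMNET+ADB) */` for 0x9091 and `/* Compal RXM-G1 (DIAG+DUN+RMNET+DPL+QDSS+ADB) */` for 0x90db. The products[] table starts and ends outside the hunk.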
diff --git a/queue-4.14/nilfs2-fix-incomplete-buffer-cleanup-in-nilfs_btnode_abort_change_key.patch b/queue-4.14/nilfs2-fix-incomplete-buffer-cleanup-in-nilfs_btnode_abort_change_key.patch
new file mode 100644
index 00000000000..1f83d347b62
--- /dev/null
+++ b/queue-4.14/nilfs2-fix-incomplete-buffer-cleanup-in-nilfs_btnode_abort_change_key.patch
@@ -0,0 +1,53 @@ +From 2f012f2baca140c488e43d27a374029c1e59098d Mon Sep 17 00:00:00 2001 +From: Ryusuke Konishi +Date: Sat, 13 May 2023 19:24:28 +0900 +Subject: nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() + +From: Ryusuke Konishi + +commit 2f012f2baca140c488e43d27a374029c1e59098d upstream. + +A syzbot fault injection test reported that nilfs_btnode_create_block, a +helper function that allocates a new node block for b-trees, causes a +kernel BUG for disk images where the file system block size is smaller +than the page size. + +This was due to unexpected flags on the newly allocated buffer head, and +it turned out to be because the buffer flags were not cleared by +nilfs_btnode_abort_change_key() after an error occurred during a b-tree +update operation and the buffer was later reused in that state. + +Fix this issue by using nilfs_btnode_delete() to abandon the unused +preallocated buffer in nilfs_btnode_abort_change_key(). + +Link: https://lkml.kernel.org/r/20230513102428.10223-1-konishi.ryusuke@gmail.com +Signed-off-by: Ryusuke Konishi +Reported-by: syzbot+b0a35a5c1f7e846d3b09@syzkaller.appspotmail.com +Closes: https://lkml.kernel.org/r/000000000000d1d6c205ebc4d512@google.com +Tested-by: Ryusuke Konishi +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + fs/nilfs2/btnode.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +--- a/fs/nilfs2/btnode.c ++++ b/fs/nilfs2/btnode.c +@@ -304,6 +304,14 @@ void nilfs_btnode_abort_change_key(struc + radix_tree_delete(&btnc->page_tree, newkey); + spin_unlock_irq(&btnc->tree_lock); + unlock_page(ctxt->bh->b_page); +- } else +- brelse(nbh); ++ } else { ++ /* ++ * When canceling a buffer that a prepare operation has ++ * allocated to copy a node block to another location, use ++ * nilfs_btnode_delete() to initialize and release the buffer ++ * so that the buffer flags will not be in an inconsistent ++ * state when it is reallocated. 
++ */ ++ nilfs_btnode_delete(nbh); ++ } + } diff --git a/queue-4.14/nilfs2-fix-possible-out-of-bounds-segment-allocation-in-resize-ioctl.patch b/queue-4.14/nilfs2-fix-possible-out-of-bounds-segment-allocation-in-resize-ioctl.patch new file mode 100644 index 00000000000..6efef3d430f --- /dev/null +++ b/queue-4.14/nilfs2-fix-possible-out-of-bounds-segment-allocation-in-resize-ioctl.patch 
@@ -0,0 +1,62 @@ +From fee5eaecca86afa544355569b831c1f90f334b85 Mon Sep 17 00:00:00 2001 +From: Ryusuke Konishi +Date: Wed, 24 May 2023 18:43:48 +0900 +Subject: nilfs2: fix possible out-of-bounds segment allocation in resize ioctl + +From: Ryusuke Konishi + +commit fee5eaecca86afa544355569b831c1f90f334b85 upstream. + +Syzbot reports that in its stress test for resize ioctl, the log writing +function nilfs_segctor_do_construct hits a WARN_ON in +nilfs_segctor_truncate_segments(). + +It turned out that there is a problem with the current implementation of +the resize ioctl, which changes the writable range on the device (the +range of allocatable segments) at the end of the resize process. + +This order is necessary for file system expansion to avoid corrupting the +superblock at trailing edge. However, in the case of a file system +shrink, if log writes occur after truncating out-of-bounds trailing +segments and before the resize is complete, segments may be allocated from +the truncated space. + +The userspace resize tool was fine as it limits the range of allocatable +segments before performing the resize, but it can run into this issue if +the resize ioctl is called alone. + +Fix this issue by changing nilfs_sufile_resize() to update the range of +allocatable segments immediately after successful truncation of segment +space in case of file system shrink. 
+ +Link: https://lkml.kernel.org/r/20230524094348.3784-1-konishi.ryusuke@gmail.com +Fixes: 4e33f9eab07e ("nilfs2: implement resize ioctl") +Signed-off-by: Ryusuke Konishi +Reported-by: syzbot+33494cd0df2ec2931851@syzkaller.appspotmail.com +Closes: https://lkml.kernel.org/r/0000000000005434c405fbbafdc5@google.com +Tested-by: Ryusuke Konishi +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + fs/nilfs2/sufile.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +--- a/fs/nilfs2/sufile.c ++++ b/fs/nilfs2/sufile.c +@@ -791,6 +791,15 @@ int nilfs_sufile_resize(struct inode *su + goto out_header; + + sui->ncleansegs -= nsegs - newnsegs; ++ ++ /* ++ * If the sufile is successfully truncated, immediately adjust ++ * the segment allocation space while locking the semaphore ++ * "mi_sem" so that nilfs_sufile_alloc() never allocates ++ * segments in the truncated space. ++ */ ++ sui->allocmax = newnsegs - 1; ++ sui->allocmin = 0; + } + + kaddr = kmap_atomic(header_bh->b_page); diff --git a/queue-4.14/nios2-dts-fix-tse_mac-max-frame-size-property.patch b/queue-4.14/nios2-dts-fix-tse_mac-max-frame-size-property.patch new file mode 100644 index 00000000000..1c875f35b57 --- /dev/null +++ b/queue-4.14/nios2-dts-fix-tse_mac-max-frame-size-property.patch 
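Review bot: `sui->allocmax = newnsegs - 1;` would wrap to the largest representable value if newnsegs were 0 and the field is unsigned, which would open the whole segment range to nilfs_sufile_alloc() instead of closing off the truncated tail. No lower bound on newnsegs is visible in the hunk; the start of nilfs_sufile_resize() is outside it, so the bound may well be enforced earlier or by the caller, but the new comment does not say so. I would extend the comment with one line naming that precondition, for example `newnsegs is non-zero here (checked by <caller or earlier check>)`, or add an explicit rejection of a zero newnsegs before the truncation if no such check exists. The unconditional `sui->allocmin = 0;` also discards any narrower lower bound set beforehand, which deserves a word in the comment if it is intended.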
@@ -0,0 +1,46 @@ +From 85041e12418fd0c08ff972b7729f7971afb361f8 Mon Sep 17 00:00:00 2001 +From: Janne Grunau +Date: Sun, 12 Feb 2023 13:16:32 +0100 +Subject: nios2: dts: Fix tse_mac "max-frame-size" property + +From: Janne Grunau + +commit 85041e12418fd0c08ff972b7729f7971afb361f8 upstream. + +The given value of 1518 seems to refer to the layer 2 ethernet frame +size without 802.1Q tag. Actual use of the "max-frame-size" including in +the consumer of the "altr,tse-1.0" compatible is the MTU. + +Fixes: 95acd4c7b69c ("nios2: Device tree support") +Fixes: 61c610ec61bb ("nios2: Add Max10 device tree") +Cc: +Signed-off-by: Janne Grunau +Signed-off-by: Dinh Nguyen +Signed-off-by: Greg Kroah-Hartman +--- + arch/nios2/boot/dts/10m50_devboard.dts | 2 +- + arch/nios2/boot/dts/3c120_devboard.dts | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +--- a/arch/nios2/boot/dts/10m50_devboard.dts ++++ b/arch/nios2/boot/dts/10m50_devboard.dts +@@ -108,7 +108,7 @@ + rx-fifo-depth = <8192>; + tx-fifo-depth = <8192>; + address-bits = <48>; +- max-frame-size = <1518>; ++ max-frame-size = <1500>; + local-mac-address = [00 00 00 00 00 00]; + altr,has-supplementary-unicast; + altr,enable-sup-addr = <1>; +--- a/arch/nios2/boot/dts/3c120_devboard.dts ++++ b/arch/nios2/boot/dts/3c120_devboard.dts +@@ -118,7 +118,7 @@ + interrupt-names = "rx_irq", "tx_irq"; + rx-fifo-depth = <8192>; + tx-fifo-depth = <8192>; +- max-frame-size = <1518>; ++ max-frame-size = <1500>; + local-mac-address = [ 00 00 00 00 00 00 ]; + phy-mode = "rgmii-id"; + phy-handle = <&phy0>; diff --git a/queue-4.14/ocfs2-check-new-file-size-on-fallocate-call.patch b/queue-4.14/ocfs2-check-new-file-size-on-fallocate-call.patch new file mode 100644 index 00000000000..5dd8df22cf8 --- /dev/null +++ b/queue-4.14/ocfs2-check-new-file-size-on-fallocate-call.patch 
@@ -0,0 +1,57 @@ +From 26a6ffff7de5dd369cdb12e38ba11db682f1dec0 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Lu=C3=ADs=20Henriques?= +Date: Mon, 29 May 2023 16:26:45 +0100 +Subject: ocfs2: check new file size on fallocate call +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Luís Henriques + +commit 26a6ffff7de5dd369cdb12e38ba11db682f1dec0 upstream. + +When changing a file size with fallocate() the new size isn't being +checked. In particular, the FSIZE ulimit isn't being checked, which makes +fstest generic/228 fail. Simply adding a call to inode_newsize_ok() fixes +this issue. + +Link: https://lkml.kernel.org/r/20230529152645.32680-1-lhenriques@suse.de +Signed-off-by: Luís Henriques +Reviewed-by: Mark Fasheh +Reviewed-by: Joseph Qi +Cc: Joel Becker +Cc: Junxiao Bi +Cc: Changwei Ge +Cc: Gang He +Cc: Jun Piao +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + fs/ocfs2/file.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +--- a/fs/ocfs2/file.c ++++ b/fs/ocfs2/file.c +@@ -2109,14 +2109,20 @@ static long ocfs2_fallocate(struct file + struct ocfs2_space_resv sr; + int change_size = 1; + int cmd = OCFS2_IOC_RESVSP64; ++ int ret = 0; + + if (mode & ~(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE)) + return -EOPNOTSUPP; + if (!ocfs2_writes_unwritten_extents(osb)) + return -EOPNOTSUPP; + +- if (mode & FALLOC_FL_KEEP_SIZE) ++ if (mode & FALLOC_FL_KEEP_SIZE) { + change_size = 0; ++ } else { ++ ret = inode_newsize_ok(inode, offset + len); ++ if (ret) ++ return ret; ++ } + + if (mode & FALLOC_FL_PUNCH_HOLE) + cmd = OCFS2_IOC_UNRESVSP64; diff --git a/queue-4.14/ocfs2-fix-use-after-free-when-unmounting-read-only-filesystem.patch b/queue-4.14/ocfs2-fix-use-after-free-when-unmounting-read-only-filesystem.patch new file mode 100644 index 00000000000..c133dc0ef0c --- /dev/null +++ b/queue-4.14/ocfs2-fix-use-after-free-when-unmounting-read-only-filesystem.patch 
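Review bot: `inode_newsize_ok(inode, offset + len)` adds two signed file offsets with no range check visible in ocfs2_fallocate(), so the new limit check is only meaningful if the sum cannot wrap to a small or negative value. That presumably holds because the caller rejects negative offsets, non-positive lengths and sums beyond the filesystem maximum before this function runs, but that validation is outside the hunk. I would record the dependency at the call site with `/* offset and len are range-checked by the caller, so offset + len cannot wrap */`. The check also runs before any locking done later in the function (the body continues outside the hunk), so it is worth confirming that the i_size it compares against cannot be stale on this path.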
@@ -0,0 +1,100 @@ +From 50d927880e0f90d5cb25e897e9d03e5edacc79a8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Lu=C3=ADs=20Henriques?= +Date: Mon, 22 May 2023 11:21:12 +0100 +Subject: ocfs2: fix use-after-free when unmounting read-only filesystem +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Luís Henriques + +commit 50d927880e0f90d5cb25e897e9d03e5edacc79a8 upstream. + +It's trivial to trigger a use-after-free bug in the ocfs2 quotas code using +fstest generic/452. After a read-only remount, quotas are suspended and +ocfs2_mem_dqinfo is freed through ->ocfs2_local_free_info(). When unmounting +the filesystem, an UAF access to the oinfo will eventually cause a crash. + +BUG: KASAN: slab-use-after-free in timer_delete+0x54/0xc0 +Read of size 8 at addr ffff8880389a8208 by task umount/669 +... +Call Trace: + + ... + timer_delete+0x54/0xc0 + try_to_grab_pending+0x31/0x230 + __cancel_work_timer+0x6c/0x270 + ocfs2_disable_quotas.isra.0+0x3e/0xf0 [ocfs2] + ocfs2_dismount_volume+0xdd/0x450 [ocfs2] + generic_shutdown_super+0xaa/0x280 + kill_block_super+0x46/0x70 + deactivate_locked_super+0x4d/0xb0 + cleanup_mnt+0x135/0x1f0 + ... 
+ + +Allocated by task 632: + kasan_save_stack+0x1c/0x40 + kasan_set_track+0x21/0x30 + __kasan_kmalloc+0x8b/0x90 + ocfs2_local_read_info+0xe3/0x9a0 [ocfs2] + dquot_load_quota_sb+0x34b/0x680 + dquot_load_quota_inode+0xfe/0x1a0 + ocfs2_enable_quotas+0x190/0x2f0 [ocfs2] + ocfs2_fill_super+0x14ef/0x2120 [ocfs2] + mount_bdev+0x1be/0x200 + legacy_get_tree+0x6c/0xb0 + vfs_get_tree+0x3e/0x110 + path_mount+0xa90/0xe10 + __x64_sys_mount+0x16f/0x1a0 + do_syscall_64+0x43/0x90 + entry_SYSCALL_64_after_hwframe+0x72/0xdc + +Freed by task 650: + kasan_save_stack+0x1c/0x40 + kasan_set_track+0x21/0x30 + kasan_save_free_info+0x2a/0x50 + __kasan_slab_free+0xf9/0x150 + __kmem_cache_free+0x89/0x180 + ocfs2_local_free_info+0x2ba/0x3f0 [ocfs2] + dquot_disable+0x35f/0xa70 + ocfs2_susp_quotas.isra.0+0x159/0x1a0 [ocfs2] + ocfs2_remount+0x150/0x580 [ocfs2] + reconfigure_super+0x1a5/0x3a0 + path_mount+0xc8a/0xe10 + __x64_sys_mount+0x16f/0x1a0 + do_syscall_64+0x43/0x90 + entry_SYSCALL_64_after_hwframe+0x72/0xdc + +Link: https://lkml.kernel.org/r/20230522102112.9031-1-lhenriques@suse.de +Signed-off-by: Luís Henriques +Reviewed-by: Joseph Qi +Tested-by: Joseph Qi +Cc: Mark Fasheh +Cc: Joel Becker +Cc: Junxiao Bi +Cc: Changwei Ge +Cc: Gang He +Cc: Jun Piao +Cc: +Signed-off-by: Andrew Morton +Signed-off-by: Greg Kroah-Hartman +--- + fs/ocfs2/super.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +--- a/fs/ocfs2/super.c ++++ b/fs/ocfs2/super.c +@@ -985,8 +985,10 @@ static void ocfs2_disable_quotas(struct + for (type = 0; type < OCFS2_MAXQUOTAS; type++) { + if (!sb_has_quota_loaded(sb, type)) + continue; +- oinfo = sb_dqinfo(sb, type)->dqi_priv; +- cancel_delayed_work_sync(&oinfo->dqi_sync_work); ++ if (!sb_has_quota_suspended(sb, type)) { ++ oinfo = sb_dqinfo(sb, type)->dqi_priv; ++ cancel_delayed_work_sync(&oinfo->dqi_sync_work); ++ } + inode = igrab(sb->s_dquot.files[type]); + /* Turn off quotas. 
This will remove all dquot structures from + * memory and so they will be automatically synced to global diff --git a/queue-4.14/series b/queue-4.14/series index e3a94687d42..7d0c554398b 100644 --- a/queue-4.14/series +++ b/queue-4.14/series @@ -8,3 +8,9 @@ mips-restore-au1300-support.patch mips-alchemy-fix-dbdma2.patch mips-move-initrd_start-check-after-initrd-address-sa.patch xen-blkfront-only-check-req_fua-for-writes.patch +ocfs2-fix-use-after-free-when-unmounting-read-only-filesystem.patch +ocfs2-check-new-file-size-on-fallocate-call.patch +nios2-dts-fix-tse_mac-max-frame-size-property.patch +nilfs2-fix-incomplete-buffer-cleanup-in-nilfs_btnode_abort_change_key.patch +nilfs2-fix-possible-out-of-bounds-segment-allocation-in-resize-ioctl.patch +net-usb-qmi_wwan-add-support-for-compal-rxm-g1.patch -- 2.47.2
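Review bot: The new `if (!sb_has_quota_suspended(sb, type))` guard carries no comment, and the reason for it is a lifetime rule that is not obvious from the code: per the commit message, suspending quotas on a read-only remount frees the ocfs2_mem_dqinfo behind `dqi_priv` while the quota type still counts as loaded. I would add `/* dqi_priv is freed when quotas are suspended (read-only remount); do not dereference it */` above the guard. The guard protects this reader only and leaves the stale pointer in place, so clearing `dqi_priv` where it is freed (outside this hunk) would make any other late reader fail on NULL rather than on freed memory. ocfs2_disable_quotas() starts and ends outside the hunk.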